AWS Velero
This Terraform module creates the cloud resources Velero requires (an S3 bucket and IAM resources) to back up Kubernetes objects and trigger volume snapshots.
Requirements
| Name | Version |
|---|---|
| terraform | 0.15.4 |
| aws | 3.37.0 |
Providers
| Name | Version |
|---|---|
| aws | 3.37.0 |
Resources
| Name | Type |
|---|---|
| aws_iam_access_key.velero_backup | resource |
| aws_iam_policy.velero_backup | resource |
| aws_iam_policy_attachment.velero_backup | resource |
| aws_iam_role.velero_backup | resource |
| aws_iam_role_policy_attachment.velero_backup | resource |
| aws_iam_user.velero_backup_user | resource |
| aws_s3_bucket.backup_bucket | resource |
| aws_caller_identity.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backup_bucket_name | Backup Bucket Name | string | n/a | yes |
| oidc_provider_url | URL of OIDC issuer discovery document | string | "" | no |
| tags | Custom tags to apply to resources | map(string) | {} | no |
Outputs
| Name | Description |
|---|---|
| backup_storage_location | Velero Cloud BackupStorageLocation CRD |
| cloud_credentials | Velero required file with credentials |
| service_account | Velero ServiceAccount |
| volume_snapshot_location | Velero Cloud VolumeSnapshotLocation CRD |
Usage
```hcl
module "velero" {
  source             = "../vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-staging-velero"
  tags = {
    "my-key": "my-value"
  }
}
```
To use IAM Roles for Service Accounts (IRSA):
```hcl
data "aws_eks_cluster" "this" {
  name = "my-cluster-staging"
}

module "velero" {
  source             = "../vendor/modules/aws-velero"
  backup_bucket_name = "my-cluster-staging-velero"
  oidc_provider_url  = replace(data.aws_eks_cluster.this.identity.0.oidc.0.issuer, "https://", "")
  tags = {
    "my-key": "my-value"
  }
}
```
For more information about IAM Roles for Service Accounts to inject AWS credentials inside Velero's pods, click here
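
The sketch below is an added example, not the module's own code: it shows the kind of IAM trust policy IRSA relies on, and why `oidc_provider_url` is passed without the `https://` prefix (both the OIDC provider ARN and the condition keys use the bare issuer). The `velero` namespace and ServiceAccount names, the `aws` partition, and the role name are assumptions.

```hcl
# Added illustration; not taken from the aws-velero module's source.
variable "oidc_provider_url" {
  type        = string
  description = "OIDC issuer of the cluster, without the https:// prefix"
}

data "aws_caller_identity" "current" {}

locals {
  # Assumed names: adjust to where Velero is actually deployed.
  velero_namespace       = "velero"
  velero_service_account = "velero"

  # The IAM OIDC provider ARN embeds the issuer without a scheme.
  oidc_provider_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${var.oidc_provider_url}"
}

data "aws_iam_policy_document" "velero_irsa_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [local.oidc_provider_arn]
    }

    # Pin the role to one ServiceAccount. Without this condition, any pod
    # identity issued by the cluster's OIDC provider could assume the role.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:sub"
      values   = ["system:serviceaccount:${local.velero_namespace}:${local.velero_service_account}"]
    }

    # Only accept tokens minted for STS.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "velero_irsa_example" {
  name               = "velero-irsa-example" # hypothetical role name
  assume_role_policy = data.aws_iam_policy_document.velero_irsa_trust.json
}
```

When reviewing a deployed role, check that its trust policy carries a `sub` condition of this form; the Resources table above also lists `aws_iam_access_key.velero_backup`, a long-lived credential that IRSA makes unnecessary for in-cluster use.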